Litcius/Paper detail

Understanding Indicators of Compromise against Cyber-attacks in Industrial Control Systems: A Security Perspective

Mohammed Asiri, Neetesh Saxena, Rigel Gjomemo, Pete Burnap

2023ACM Transactions on Cyber-Physical Systems67 citationsDOIOpen Access PDF

Abstract

Numerous sophisticated and nation-state attacks on Industrial Control Systems (ICSs) have increased in recent years, exemplified by Stuxnet and Ukrainian Power Grid. Measures to be taken post-incident are crucial to reduce damage, restore control, and identify attack actors involved. By monitoring Indicators of Compromise (IOCs), the incident responder can detect malicious activity triggers and respond quickly to a similar intrusion at an earlier stage. However, to implement IOCs in critical infrastructures, we need to understand their contexts and requirements. Unfortunately, there is no survey paper in the literature on IOC in the ICS environment, and only limited information is provided in research articles. In this article, we describe different standards for IOC representation and discuss the associated challenges that restrict security investigators from developing IOCs in the industrial sectors. We also discuss the potential IOCs against cyber-attacks in ICS systems. Furthermore, we conduct a critical analysis of existing works and available tools in this space. We evaluate the effectiveness of identified IOCs’ by mapping these indicators to the most frequently targeted attacks in the ICS environment. Finally, we highlight the lessons to be learned from the literature and the future problems in the domain along with the approaches that might be taken.

Topics & Concepts

CompromiseIndustrial control systemComputer securityComputer scienceRisk analysis (engineering)CyberspaceControl (management)Domain (mathematical analysis)Perspective (graphical)BusinessThe InternetPolitical scienceMathematicsLawArtificial intelligenceWorld Wide WebMathematical analysisInformation and Cyber SecuritySmart Grid Security and ResilienceNetwork Security and Intrusion Detection